The TANDBERG VCS appliance is deployed by default with a DSA ssh key pair stored in files:
/tandberg/sshkeys/ssh_host_dsa_key
/tandberg/sshkeys/ssh_host_dsa_key.pub

In tested versions of the firmware, this default key has a fingerprint of:
49:53:bf:94:2a:d7:0c:3f:48:29:f7:5b:5d:de:89:b8

No new key is generated upon installation. In addition, this default key would overwrite any SSH server keys, if installed by security-conscious administrators previously, during a firmware upgrade.

Due to the public nature of this key an attacker would be able to conduct server impersonation and man-in-the-middle attacks on SSH connections directed at any TANDBERG VCS device. A successful exploit would most likely yield an attacker shell access to the device with privileges of the victim client.

Workaround:
Immediately replace the current SSH host key with a new one. This may be accomplished through one of several methods. One approach is to simply log in to the device locally and use the ssh-keygen utility to replace the keys stored in /tandberg/sshkeys/. Consult TANDBERG documentation for other methods.

After replacing the SSH host keys, it is recommended that the VCS firmware be upgraded to X5.1.1 as soon as possible. NOTE: Upgrading or downgrading to versions prior to X5.1.1 will cause any custom SSH host keys to be overwritten. Version X5.1.1 and later should preserve any custom host keys previously installed. As a precaution, after upgrading or downgrading VCS firmwares, verify that the host key has not changed back to the publicly known one with fingerprint: 49:53:bf:94:2a:d7:0c:3f:48:29:f7:5b:5d:de:89:b8